


Phishers, Spoofers, and Spam: Combatting Internet Fraud

Confidence (con) artists have preyed on their victims for centuries. Now the internet has attracted all kinds of online confidence schemes. As a leader of your Scottish heritage society, you should educate yourself and protect your organization from the more common types of fraud.


Your society’s website is one of your most valuable assets. Hackers can use your online real estate for their own benefit unless you are vigilant. The first line of defense is ensuring that your website uses Secure Sockets Layer (SSL). This is an encryption-based Internet security protocol that ensures security of data transfer. This is particularly important when users transmit sensitive data, such as sending you membership dues or donations through your website. When a website uses SSL, its web address or Uniform Resource Locator (URL) starts with “HTTPS” instead of “HTTP.” Unfortunately, of the 162 known clan and family websites, 24 (or 15%) are not secure.

Usually, encryption is handled by the website management service that you use, such as GoDaddy, BlueHost, or Wix. However, you can also use a company called “Let’s Encrypt,” a nonprofit certificate authority (CA) that provides free TLS/SSL certificates.

Your more-informed users are already using secure browsers and services that reduce the chances of virus infections. Browser protection detects and blocks malicious code that may corrupt or crash your computer. Secure browsers also prevent third-party tools (such as “cookies”) from stealing your private data, such as credit card and bank information. Many web browsers such as Firefox, Google Chrome, and Microsoft Edge have built-in security functions. You may also purchase other virus protection services such as Norton, McAfee, and Malwarebytes.

The second line of defense is having strong protection and security against hackers who may embed their own virus into the code or a folder of your website. You can protect your organization’s website either by running regular security checks and updates yourself – or by letting your web hosting company handle the security. Many non-profit organizations rely on what are called “open source” platforms that do not cost any money – but are more likely to be hacked. The two most popular are Drupal and WordPress. The websites built on these platforms depend on applications and modules that are created by third parties – and may contain many security flaws and weaknesses. Website owners need to be especially vigilant in maintaining the latest version and assuring compatibility among these many bits of computer code. This can be time-consuming and frustrating if you are not technically competent. The alternative is using a website hosting company that uses proprietary software, such as Wix. These companies update their applications and maintain security, so you don’t need the expertise or have to spend the time.


E-mail is the basis of modern business communications. Nowadays, you simply cannot recruit and retain members without corresponding through the Internet. As a result, con artists have adapted by creating ways to defraud you and your members.

The first line of defense is a secure email account. Use strong passwords with your accounts and change them regularly. Never use your personal email account for conducting the business of your society. You should use email addresses that use the domain name of your society.

The second line of defense is an effective spam filter. Some email services have filters built into their services. For example, you may see a “spam” folder in your email software, such as Microsoft Outlook. You should check this folder regularly in case email from trusted sources is caught here.

The last line of defense is your own knowledge and good sense for detecting fraud. Two of the most widespread ways of conducting email fraud are through “spoofing” and “phishing.” Spoofing is when someone “spoofs” the identity of a usually trusted source by disguising the email address, sender name, phone number, or website URL.

Criminals use “spoofed” identities to “fish” or “phish” for some information or to encourage you to take some action that would help them acquire that information. This “phishing” email may ask you to update or verify your personal information (such as your username and password) by replying to the email or visiting a website that may look similar to one you’ve used before. However, clicking on that link actually sends you to a website that might look nearly identical to the real thing and ask for your passwords, credit card numbers, banking PINs, etc.

Always be cautious about unsolicited email. If you do not recognize the recipient:

  • Check the recipient e-mail address for anomalies, as noted;

  • Never believe emails claiming problems with your accounts, prizes, or gift cards;

  • Be extra cautious of email from unfamiliar individuals with an address “” since these are the most associated with fraud;

  • Never open any attachment; and

  • Never click on a link or button within the body of the e-mail.
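The address checks described above can be run automatically over a message's headers. The following Python example is added here and is not part of the original article; the domain `clan-example.org`, the sample message and the 0.8 similarity threshold are constructed for illustration. It flags a look-alike sender domain, a Reply-To that points elsewhere, and failed SPF/DKIM/DMARC results recorded by the receiving mail server.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "clan-example.org"   # assumption: the society's real domain

# Constructed sample message (not a real e-mail).
SAMPLE = (
    'From: "Clan Example Treasurer" <treasurer@clan-examp1e.org>\n'
    "Reply-To: dues-desk@mailbox.example.net\n"
    "To: member@example.com\n"
    "Subject: Verify your membership account\n"
    "Authentication-Results: mx.example.com; spf=fail; dkim=none\n"
    "\n"
    "Please confirm your password.\n"
)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()

def spoof_warnings(raw_message, trusted=TRUSTED_DOMAIN):
    """List the reasons a message claiming to be from `trusted` looks spoofed."""
    msg = message_from_string(raw_message)
    warnings = []
    from_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"])
    # A domain that is almost, but not exactly, the trusted one is a look-alike.
    if from_domain != trusted:
        similarity = difflib.SequenceMatcher(None, from_domain, trusted).ratio()
        if similarity >= 0.8:
            warnings.append(f"look-alike sender domain: {from_domain}")
    # Replies routed to another domain hand the conversation to someone else.
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"replies go to a different domain: {reply_domain}")
    # The receiving server records sender-authentication results in this header.
    results = (msg["Authentication-Results"] or "").lower()
    for name, verdict in re.findall(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", results):
        warnings.append(f"{name} check reported {verdict}")
    return warnings

if __name__ == "__main__":
    for line in spoof_warnings(SAMPLE):
        print("WARNING:", line)
```
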

Social Media

Every Scottish heritage society should have public social media accounts in order to recruit new members. Public Facebook pages, in particular, can be a lucrative source of new members. However, due to the rise of fraud on these pages, many societies have taken their pages “private” by making them “members only” accounts. This is a mistake. You still need a public-facing account – even if you need to monitor it closely for misuse and fraud. The most common problems are shopping scams through unauthorized sales and “copyright infringement.”

While you may restrict the ability to post to only the Administrators, you should allow people to make comments. This opens the door to people using fake or temporary social media profiles to scam your followers with sales schemes, typically t-shirts with your logo or clan crest. You should report these scams to Facebook, block the profiles, and delete the comments.


The internet is an excellent resource for acquiring and retaining your members. Unfortunately, con artists will make your job a little harder. However, with a bit of knowledge and regular vigilance, you can help make your Scottish heritage survive and thrive.

If you have other ideas on how to combat internet fraud or if you need advice, let COSCA know. Contact Bart Forbes at


If you are a Delegate or Alternate of a COSCA Organizational Member, you can access the complete article here:

This article includes:

  • complete list of 24 clan and family websites that are not secure;

  • information about the free website encryption service;

  • sources for comparing spam filter services;

  • examples of how to detect “spoofed” emails; and

  • specific instructions on how to report unauthorized sales on Facebook.



